<?php
	
	//modifyUser.php
	//Function used to modify User/Address information stored within the database.
	//Original Creator: Paul Venn
	
	//Includes exectureQuery.php and executeInsertQuery.php to assure Database Connection and SQL Execution
	include "executeInsertQuery.php";
	include "executeQuery.php";
		
	//Retrieves User Information from ActionScript	
	$userID = $_REQUEST['userID'];
	$userPassword = $_REQUEST;'userPassword'];
		
	echo modifyUser($userID, $userPassword);

	function modifyUser($userID, $userPassword)
	{		
		//Retrieves User Information from ActionScript	
		$newuserID = $_REQUEST['newuserID'];
		$newuserPassword = $_REQUEST['newuserPassword'];
		$newuserFirstName = $_REQUEST['newuserFirstName'];
		$newuserLastName = $_REQUEST['newuserLastName'];
		$newuserEmail = $_REQUEST['newuserEmail'];
		$newuserDOB = $_REQUEST['newDay'] . "-" . $_REQUEST['newMonth'] . "-" . $_REQUEST['newYear'];
		$newaddressUserID = newuserID;
		$newaddressType = $_REQUEST['newaddressType'];
		$newaddressStreetNumber = $_REQUEST['newaddressStreetNumber'];
		$newaddressStreetName = $_REQUEST['newaddressStreetName'];
		$newaddressTown = $_REQUEST['newaddressTown'];
		$newaddressPostCode = $_REQUEST['newaddressPostCode'];
		$newaddressState = $_REQUEST['newaddressState'];

		//Basic query to collect all data that has the ID productID
		$passQuery = "SELECT `userPassword` FROM `tblUsers` WHERE `userID` = '" . $userID . "'";
        $passResults = executeQuery($passQuery);
		$passArray = mysql_fetch_array($passResults);


		//If Statement used to check if the correct password was supplied, if not, then produce an error message
		if ($passArray['userPassword'] != md5($userPassword) || $passArray['userPassword'] == NULL) {
			echo "Invalid username or password\n";
			return NULL;
		}
		else {	
			//Query used to update the User's normal information
			$userQuery = "UPDATE `cp3003_09_g05`.`tblUsers` SET `userID` = '" . $newuserID . "', `userPassword` = '" . md5($newuserPassword) . "', `userFirstName` = '" . $newuserFirstName . "', `userLastName` = '" . $newuserLastName . "', `userEmail` = '" . $newuserEmail . "', `userDOB` = '" . $newuserDOB . "' WHERE `tblUsers`.`userID` = '" . $userID . "'";
			$userModifyQuery = executeInsertQuery($userQuery);	
				
			//Query used to update the User's Address information	
			$userAddressQuery =	"UPDATE `cp3003_09_g05`.`tblAddresses` SET `addressUserID` = '" . $newaddressUserID . "', `addressType` = '" . $newaddressType . "', `addressStreetNumber` = '" . $newaddressStreetNumber . "', `addressStreetName` = '" . $newaddressStreetName . "', `addressTown` = '" . $newaddressTown . "', `addressPostCode` = '" . $newaddressPostCode . "', `addressState` = '" . $newaddressState . "' WHERE `addressUserID` = '" . $userID . "'"
			$userModifyAddressQuery = executeInsertQuery($userAddressQuery);
			}	
	}
?>